Disable the X-Requested-With header to avoid preflighting remote POST requests. Fixes #4601.

This commit is contained in:
John Resig 2009-11-25 13:29:34 -05:00
parent 0f6e9a8c69
commit a7678267d8

View file

@ -275,13 +275,12 @@ jQuery.extend({
} }
// Matches an absolute URL, and saves the domain // Matches an absolute URL, and saves the domain
var parts = rurl.exec( s.url ); var parts = rurl.exec( s.url ),
remote = parts && (parts[1] && parts[1] !== location.protocol || parts[2] !== location.host);
// If we're requesting a remote document // If we're requesting a remote document
// and trying to load JSON or Script with a GET // and trying to load JSON or Script with a GET
if ( s.dataType === "script" && type === "GET" && parts if ( s.dataType === "script" && type === "GET" && remote ) {
&& ( parts[1] && parts[1] !== location.protocol || parts[2] !== location.host )) {
var head = document.getElementsByTagName("head")[0] || document.documentElement; var head = document.getElementsByTagName("head")[0] || document.documentElement;
var script = document.createElement("script"); var script = document.createElement("script");
script.src = s.url; script.src = s.url;
@ -350,7 +349,10 @@ jQuery.extend({
} }
// Set header so the called script knows that it's an XMLHttpRequest // Set header so the called script knows that it's an XMLHttpRequest
// Only send the header if it's not a remote XHR
if ( !remote ) {
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
}
// Set the Accepts header for the server, depending on the dataType // Set the Accepts header for the server, depending on the dataType
xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ? xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?